diff --git a/oauth2client/client.py b/oauth2client/client.py
index 7c8841799..9536cd243 100644
--- a/oauth2client/client.py
+++ b/oauth2client/client.py
@@ -495,6 +495,26 @@ def _update_query_params(uri, params):
     return urllib.parse.urlunparse(new_parts)
 
 
+def _initialize_headers(headers):
+    """Creates a copy of the headers."""
+    if headers is None:
+        headers = {}
+    else:
+        headers = dict(headers)
+    return headers
+
+
+def _apply_user_agent(headers, user_agent):
+    """Adds a user-agent to the headers."""
+    if user_agent is not None:
+        if 'user-agent' in headers:
+            headers['user-agent'] = (user_agent + ' ' + headers['user-agent'])
+        else:
+            headers['user-agent'] = user_agent
+
+    return headers
+
+
 class OAuth2Credentials(Credentials):
     """Credentials object for OAuth 2.0.
 
@@ -598,8 +618,9 @@ def new_request(uri, method='GET', body=None, headers=None,
 
             # Clone and modify the request headers to add the appropriate
             # Authorization header.
-            headers = self._initialize_headers(headers)
+            headers = _initialize_headers(headers)
             self.apply(headers)
+            _apply_user_agent(headers, self.user_agent)
 
             body_stream_position = None
             if all(getattr(body, stream_prop, None) for stream_prop in
@@ -834,19 +855,6 @@ def _generate_refresh_request_headers(self):
 
         return headers
 
-    def _initialize_headers(self, headers):
-        """Initialize the headers/apply user_agent as needed."""
-        if headers is None:
-            headers = {}
-        else:
-            headers = dict(headers)
-        if self.user_agent is not None:
-            if 'user-agent' in headers:
-                headers['user-agent'] = (self.user_agent + ' ' + headers['user-agent'])
-            else:
-                headers['user-agent'] = self.user_agent
-        return headers
-
     def _refresh(self, http_request):
         """Refreshes the access_token.
 
diff --git a/oauth2client/service_account.py b/oauth2client/service_account.py
index 5a49338ea..8fca83b06 100644
--- a/oauth2client/service_account.py
+++ b/oauth2client/service_account.py
@@ -27,6 +27,8 @@
 from oauth2client._helpers import _from_bytes
 from oauth2client._helpers import _urlsafe_b64encode
 from oauth2client import util
+from oauth2client.client import _apply_user_agent
+from oauth2client.client import _initialize_headers
 from oauth2client.client import AccessTokenInfo
 from oauth2client.client import AssertionCredentials
 from oauth2client.client import clean_headers
@@ -549,8 +551,9 @@ def new_request(uri, method='GET', body=None, headers=None,
             else:
                 # If we don't have an 'aud' (audience) claim,
                 # create a 1-time token with the uri root as the audience
+                headers = _initialize_headers(headers)
+                _apply_user_agent(headers, self.user_agent)
                 uri_root = uri.split('?', 1)[0]
-                headers = self._initialize_headers(headers)
                 token, unused_expiry = self._create_token({'aud': uri_root})
 
                 headers['Authorization'] = 'Bearer ' + token